Getting started with Klocwork Desktop C/C++ Plug-in for Eclipse

From current

Desktop analysis > Eclipse C/C++ > Getting started with Klocwork Desktop C/C++ Plug-in for Eclipse

Contents

Information and instructions below also apply to the following C/C++ Eclipse-based IDEs:

  • Wind River Workbench
  • QNX Momentics

For more information about supported IDEs, see the System requirements.

Prerequisites and setup considerations

Installation

Before you can run Klocwork Desktop Analysis on your source code, you need to

An integration project to connect to

Connected desktop is a key step in harnessing the power of Klocwork Insight. Before you can connect, an integration project must be set up and analyzed on the Klocwork Server.

If you don't connect to an integration project, this is referred to as standalone desktop.

Linux only: Add the bin directory to your path

On Windows, the Klocwork user bin directory is added to your machine's PATH environment variable during installation. Klocwork recommends adding the Klocwork user bin directory to your machine's PATH environment variable on Linux. This eliminates path-specific entries in the following procedures and therefore makes it easier to share project files between developers.

Example directory: /opt/tools/Klocwork/user9.5/bin

The following steps assume you have added the bin directory to your path.

Capture and specify your build settings

Insight requires a build specification to perform an analysis. The build specification contains a list of the project's source files and their compiler options (includes and defines). Insight creates the build specification by monitoring the IDE build process or by monitoring an external (command-line) build process. The former is recommended as it automatically updates the build specification when files are added or removed from the project. This section describes how to set up a project to support automatic generation of the build specification.

To ensure that your build settings are captured accurately, choose either Option 1 or Option 2. If you build outside your IDE, you need to use Option 2. If you use QNX Momentics, see Capturing your build settings for QNX Momentics instead.

Important: Do not rely on the Eclipse CDT indexer to generate the build specification, because this method has proven inaccurate.

Option 1: More automated approach

  1. Go to Project Properties > C/C++ Build > Tool Chain Editor.
  2. Change the Current Builder for your active configuration from CDT Internal Builder to Gnu Make Builder and click Apply.
  3. Go to Project Properties > C/C++ Build.
  4. In the Builder Settings tab, deselect Use default build command.
  5. In the Build command field, replace your build command with the following: 
    ${system_path:kwinject} -u -o ${ProjDirPath}/kwinject.out <build_command>
    where <build_command> is your build command, for example, make
    See kwinject for an explanation of the options.
  6. Click OK.
  7. To create the build specification, just clean and build the project:
    1. Right-click your project and choose Clean project.
    2. Right-click your project and choose Build Project.
    You need to run a "clean" build only once to create the initial build specification in the project directory. After that, use kwinject with the -u option (as shown in the kwinject command above) to update the build specification when files are added or deleted.
  8. To specify that your build specification that was created in your project directory should be used, see "Specify your build settings" below.

Option 2: More manual approach

  1. Run kwinject directly to create a build specification. See Creating a C/C++ build specification.
  2. Specify your build settings as shown in the next section.

Specify your build settings

To specify your settings:

  1. Right-click your project in the Project Explorer and, from the pop-up menu, choose Properties.
  2. Select Klocwork Build Settings.
  3. Select Use build specification file and browse to the build specification.
  4. Click OK.

The settings are saved for the selected project and used when you run your next Klocwork analysis.

You only have to do this once for your project, as long as your updated build specification file remains in the same location.

Connect to a project on the Klocwork Server

Note: If you see a login dialog, enter the credentials provided by your Klocwork administrator, or your LDAP or NIS user name and password.

The maximum benefit of static code analysis is achieved when a small local desktop project is connected to a larger project on the Klocwork Server. The small local project is analyzed quickly while incorporating Klocwork knowledge bases generated on the server where additional source files were analyzed (for example, shared libraries). Connecting to a server project also allows you to share issue citing information with the integration build analysis and among team members. Contact your Klocwork administrator for more information about available server projects.

You can run desktop analysis without synchronizing with a server project. However, a standalone analysis can only derive knowledge from the local project's source files.

Note: If you see a login dialog, enter the credentials provided by your Klocwork administrator, or your LDAP or NIS user name and password.

  1. In the Project Explorer:
    • right-click the project and select Properties, or
    • click the project and select File > Properties.
  2. In the Properties view navigator, expand Klocwork, and check Enable project specific settings.
  3. Click the Synchronization tab.
  4. Ensure that the Klocwork Server host and port information is correct.
  5. In the Project name list, select the integration project you want to connect to.
    Optional: To view an updated list of integration projects available on the Klocwork Server, click Refresh .
  6. Enable the Use secure connection checkbox if a secure connection to the Klocwork Server has been set up.
  7. Click OK.
    When you set up your connection, synchronization occurs between the integration project and your desktop project, pulling configuration information from the integration project.
    Tip: You only have to do this step once for each project.

Access a file to work on

Watch a demo of continuous analysis in Eclipse | Klocwork Desktop

Continuous analysis when you open a file

Continuous analysis is enabled by default and analyzes the currently viewed file. You can disable continuous analysis and run the analysis manually.

From the Project Explorer, open a file in the editor.

When the file opens, Klocwork automatically analyzes the file for errors and warnings.

Issue highlighting

When the analysis is completed and if Klocwork issues are detected, you'll see an orange square Orange square Eclipse.png in the upper right corner of your editor.

When you mouse over the orange square it will display a summary of the issues detected in your file.

The detected issues are marked by a lighter orange rectangle Orange rectangle Eclipse.png on an error stripe to the right, and by an orange chevron Defect icon Eclipse.png to the left. When you mouse over either of these icons, you'll see a complete detected issue message.

Open the Issues and Details views

If you want to see a list of Klocwork-detected issues, you need to manually open the Klocwork Issues view:

Go to Window > Show View > Other... > Klocwork > Klocwork Issues.

To see traceback information, open the Klocwork Details view.

In the Issue list:

  • default filtering displays detected issues from the currently-selected file.
  • detected issues that display here are tagged as "Local" or "System" issues (for connected desktop projects only). Local issues are those you've introduced since the last integration build analysis; System issues are those that exist in the integration build and the desktop analysis.

Continuous analysis when you save a file

After you edit the file and then save it, Klocwork analyzes the file again.

Detected issues are flagged in the file, as described above. Any new issues that you see here are flagged as "Local" in the Klocwork Issues view. Local issues are those that you've injected into the file or project and are likely the ones you'll want to fix first before checking in your code.

Tip: Filtering in the Klocwork Issues view is set, by default, to display detected issues in the selected file or directory (in the Project Explorer). If you want to see all detected issues for a project, go to your filter settings and select "All source files in the same project". Click Filter icon.jpg to access and change your filter settings.

Once you start working on your files, it's the "Local" issues that are of primary importance.

Review and investigate

Traceback is a key investigative tool for dealing with detected issues.

To access traceback for a detected issue in your current file:

  • click the Orange rectangle Eclipse.png orange rectangle to the right of the line of source code that contains the error, or
  • click the orange chevron Defect icon Eclipse.png to the left
  • click an issue in the list in the Klocwork Issues view

Traceback information displays in the Klocwork Details view. After you investigate the issue and determine how it should be handled, you can change the issue's status and add comments by using the Current statuslist, which is also in the Klocwork Details view. More information about when and why you'd cite issues is described in Cite the remaining issues below.

In the Klocwork Issues view, you can:

  • Sort by columns. Two-column sorting is supported; the most recently selected column becomes your primary sorting criterion. Sorting by origin and severity can give you a quick view of the most severe issues that originated locally.
    Note: Sorting by origin is only relevant for connected projects.
  • Group issues by type to get a sense of the variety of issues detected in your project. Click the Grouping menu.jpg View Menu icon to the far right, and select Group by > Issue Type. You can also group by category, severity, status, package or owner.
    Tip: You can also group by taxonomy, severity, status, directory and owner. Select None to ungroup the issues. If you've grouped by taxonomy and the same issue was detected in each taxonomy, you'll see that one issue listed twice (in each applicable taxonomy). This is the only time you'd see the same issue listed twice.
  • Get more information on an issue by right-clicking it and selecting More information.jpg More information.

Cite the remaining issues

Citing refers to changing the status for detected issues and/or adding comments. You can cite issues one at a time or in batches. Issue statuses are a way of notifying others that you have reviewed the issue and made a recommendation about how it should be handled. It’s a good idea to add a comment to provide more detail.

Typically, you cite issues that:

  • you've tried to fix but were unable to
  • occur in third-party code and feel should be ignored
  • false positives
  • issues that can wait until a later release to be fixed

For instance, if there’s an issue that you just don’t care about, you can change its status to Ignore. To change the status of an issue:

  1. Either:
    • Right-click an issue in the list and select Change Status.
    • Alternatively, you can change that status in the Klocwork Details view, using the Current status list.
  2. Select a status from the list.
  3. Enter a comment in the Comments field.
  4. Save your change.
    Tip: Default filter settings mean that only issues with the status of Analyze and Fix are shown in the Klocwork Issues view. To narrow your focus or add issues to the view that are currently hidden by the filters, change the Filtering options. Click Filter icon.jpg at the far right of the Klocwork Issues view.
    The list of Klocwork issues updates to reflect the changes you made.
    If you're connected to a project on the Klocwork Server, your changes are now visible to other developers, and in Klocwork Review. Your desktop project is also updated with any changes made by other developers. This happens even before another build analysis has been run.

Before you check in

Now that your desktop analysis and issue citing is up to date, you may want to set up a pre-checkin code review from your IDE. For instructions, see Setting up a pre-checkin code review.

Use Klocwork Refactoring to improve your code design. For more information and examples, see Klocwork Refactoring.

What's next?

Now that you've run your first Klocwork desktop analysis, you may want to check out additional help resources:

Retrieved from "http://www.klocwork.com/products/documentation/current/Getting_started_with_Klocwork_Desktop_C/C%2B%2B_Plug-in_for_Eclipse"